Making CVC and Pin for Credit Cards Secure

shade-sdev · Jan 10, 2025 · 1948baf · 1948baf
1 parent c09f447
commit 1948baf
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 13 deletions.
diff --git a/src/main/kotlin/core/models/dto/CreditCardDto.kt b/src/main/kotlin/core/models/dto/CreditCardDto.kt
@@ -7,8 +7,8 @@ data class CreditCardDto(
     var name: String,
     var owner: User,
     var number: String,
-    var cvc: Int?,
-    var pin: Int?,
+    var cvc: String?,
+    var pin: String?,
     var expiryDate: String,
     var notes: String?
 )
diff --git a/src/main/kotlin/repository/creditcard/CreditCardExposedEntity.kt b/src/main/kotlin/repository/creditcard/CreditCardExposedEntity.kt
@@ -13,8 +13,8 @@ object CreditCardTable : AuditableTable(name = "credit_cards") {
     val name = varchar("name", length = 255)
     val owner = reference("owner_id", UsersTable)
     val number = varchar("number", length = 255)
-    val cvc = integer("cvc").nullable()
-    val pin = integer("pin").nullable()
+    val cvc = varchar("cvc", 255).nullable()
+    val pin = varchar("pin", 255).nullable()
     val expiryDate = varchar("expiry_date", length = 5)
     val notes = text("notes").nullable()
     val favorite = bool("favorite").default(false)

diff --git a/src/main/kotlin/ui/components/secvault/passwordinfo/CredentialForms.kt b/src/main/kotlin/ui/components/secvault/passwordinfo/CredentialForms.kt
@@ -90,11 +90,19 @@ fun CreditCardCredentialForm(screenModel: SecVaultScreenModel) {
     }
 
     var cvc by remember(selectedCredential) {
-        mutableStateOf(selectedCredential.creditCard?.cvc ?: "")
+        mutableStateOf(
+            selectedCredential.creditCard?.cvc?.let {
+                screenModel.decryptPassword(it)
+            } ?: ""
+        )
     }
 
     var pin by remember(selectedCredential) {
-        mutableStateOf(selectedCredential.creditCard?.pin ?: "")
+        mutableStateOf(
+            selectedCredential.creditCard?.pin?.let {
+                screenModel.decryptPassword(it)
+            } ?: ""
+        )
     }
 
     var expiryDate by remember(selectedCredential) {
@@ -138,7 +146,8 @@ fun CreditCardCredentialForm(screenModel: SecVaultScreenModel) {
                 field = cvc.toString(),
                 onFieldChange = { cvc = it },
                 label = "CVC",
-                modifier = Modifier.fillMaxWidth()
+                modifier = Modifier.fillMaxWidth(),
+                isPassword = true
             )
         }
 
@@ -147,7 +156,8 @@ fun CreditCardCredentialForm(screenModel: SecVaultScreenModel) {
                 field = pin.toString(),
                 onFieldChange = { pin = it },
                 label = "Pin",
-                modifier = Modifier.fillMaxWidth()
+                modifier = Modifier.fillMaxWidth(),
+                isPassword = true
             )
         }
 

diff --git a/src/main/kotlin/ui/validators/CreditCardFormValidator.kt b/src/main/kotlin/ui/validators/CreditCardFormValidator.kt
@@ -65,8 +65,8 @@ fun toCreditCardDto(formValidator: FormValidator, user: User, owner: User): Cred
         formValidator.getField(CreditCardFormFieldName.CARD_NAME)?.value?.value!!,
         owner,
         formValidator.getField(CreditCardFormFieldName.CARD_NUMBER)?.value?.value!!,
-        formValidator.getField(CreditCardFormFieldName.CARD_CVC)?.value?.value!!.toInt(),
-        formValidator.getField(CreditCardFormFieldName.CARD_PIN)?.value?.value!!.toInt(),
+        formValidator.getField(CreditCardFormFieldName.CARD_CVC)?.value?.value!!,
+        formValidator.getField(CreditCardFormFieldName.CARD_PIN)?.value?.value!!,
         formValidator.getField(CreditCardFormFieldName.CARD_EXPIRY)?.value?.value!!,
         formValidator.getField(CreditCardFormFieldName.CARD_NOTES)?.value?.value,
     )

diff --git a/src/main/kotlin/viewmodel/PasswordMgntScreenModel.kt b/src/main/kotlin/viewmodel/PasswordMgntScreenModel.kt
@@ -47,7 +47,10 @@ class PasswordMgntScreenModel(
     fun saveCreditCard(id: UUID?, creditCardDto: CreditCardDto, formType: FormType) {
         saveOrUpdate(
             id = id,
-            dto = creditCardDto,
+            dto = creditCardDto.apply {
+                creditCardDto.cvc = appState.encryptString(creditCardDto.cvc)
+                creditCardDto.pin = appState.encryptString(creditCardDto.pin)
+            },
             formType = formType,
             saveAction = creditCardRepository::save,
             updateAction = creditCardRepository::update,

diff --git a/src/main/resources/db/migration/V3__create_credit_card_table.sql b/src/main/resources/db/migration/V3__create_credit_card_table.sql
@@ -7,8 +7,8 @@ CREATE TABLE credit_cards
     owner_id              TEXT     NOT NULL,
     name                  TEXT     NOT NULL,
     "number"              TEXT,
-    cvc                   INTEGER,
-    pin                   INTEGER,
+    cvc                   TEXT,
+    pin                   TEXT,
     expiry_date           TEXT,
     notes                 TEXT,
     favorite              INTEGER DEFAULT 0,